GitHub/exynos8895/android_kernel_samsung_universal8895.git
18 years agoVFS: Remove redundant open-coded mode bit checks in open_exec().
Trond Myklebust [Wed, 23 Aug 2006 00:06:04 +0000 (20:06 -0400)]
VFS: Remove redundant open-coded mode bit checks in open_exec().

The check in open_exec() for inode->i_mode & 0111 has been made
redundant by the fix to permission().

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 1d3741c5d991686699f100b65b9956f7ee7ae0ae commit)

18 years agoVFS: Remove redundant open-coded mode bit check in prepare_binfmt().
Trond Myklebust [Wed, 23 Aug 2006 00:06:03 +0000 (20:06 -0400)]
VFS: Remove redundant open-coded mode bit check in prepare_binfmt().

The check in prepare_binfmt() for inode->i_mode & 0111 is redundant,
since open_exec() will already have done that.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 822dec482ced07af32c378cd936d77345786572b commit)

18 years agoVFS: Fix access("file", X_OK) in the presence of ACLs
Trond Myklebust [Wed, 23 Aug 2006 00:06:03 +0000 (20:06 -0400)]
VFS: Fix access("file", X_OK) in the presence of ACLs

Currently, the access() call will return incorrect information on NFS if
there exists an ACL that grants execute access to the user on a regular
file. The reason the information is incorrect is that the VFS overrides
this execute access in open_exec() by checking (inode->i_mode & 0111).

This patch propagates the VFS execute bit check back into the generic
permission() call.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 64cbae98848c4c99851cb0a405f0b4982cd76c1e commit)

18 years agoNFSv4: Add v4 exception handling for the ACL functions.
Trond Myklebust [Thu, 24 Aug 2006 16:27:15 +0000 (12:27 -0400)]
NFSv4: Add v4 exception handling for the ACL functions.

This is needed in order to handle any NFS4ERR_DELAY errors that might be
returned by the server. It also ensures that we map the NFSv4 errors before
they are returned to userland.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 71c12b3f0abc7501f6ed231a6d17bc9c05a238dc commit)

18 years agoNFS: Check lengths more thoroughly in NFS4 readdir XDR decode
David Howells [Thu, 24 Aug 2006 19:44:19 +0000 (15:44 -0400)]
NFS: Check lengths more thoroughly in NFS4 readdir XDR decode

Check the bounds of length specifiers more thoroughly in the XDR decoding of
NFS4 readdir reply data.

Currently, if the server returns a bitmap or attr length that causes the
current decode point pointer to wrap, this could go undetected (consider a
small "negative" length on a 32-bit machine).

Also add a check into the main XDR decode handler to make sure that the amount
of data is a multiple of four bytes (as specified by RFC-1014).  This makes
sure that we can do u32* pointer subtraction in the NFS client without risking
an undefined result (the result is undefined if the pointers are not correctly
aligned with respect to one another).

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 5861fddd64a7eaf7e8b1a9997455a24e7f688092 commit)

18 years agoNFSv4: increase client-provided nfs4 clientid size
J. Bruce Fields [Thu, 24 Aug 2006 19:44:12 +0000 (15:44 -0400)]
NFSv4: increase client-provided nfs4 clientid size

Neil Brown observed that the current limit of 32 bytes isn't enough to hold two
ip addresses and the rest of the stuff we're putting in it, so it's often
truncated to the point where it's unlikely to be unique.  This can cause
spurious CLID_INUSE's from the server.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from fc8c17ec251e984ab3df9182ed097aa5b577c915 commit)

18 years agoSUNRPC: avoid choosing an IPMI port for RPC traffic
Chuck Lever [Wed, 23 Aug 2006 00:06:15 +0000 (20:06 -0400)]
SUNRPC: avoid choosing an IPMI port for RPC traffic

Some hardware uses port 664 for its hardware-based IPMI listener.  Teach
the RPC client to avoid using that port by raising the default minimum port
number to 665.

Test plan:
Find a mainboard known to use port 664 for IPMI; enable IPMI; mount NFS
servers in a tight loop.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 58e8cb3a035d22fc386e1c53a5d98c3f219530fb commit)

18 years agoNFS: Fix issue with EIO on NFS read
Trond Myklebust [Tue, 22 Aug 2006 17:44:32 +0000 (13:44 -0400)]
NFS: Fix issue with EIO on NFS read

The problem is that we may be caching writes that would extend the file and
create a hole in the region that we are reading. In this case, we need to
detect the eof from the server, ensure that we zero out the pages that
are part of the hole and mark them as up to date.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 856b603b01b99146918c093969b6cb1b1b0f1c01 commit)

18 years agoLOCKD: Fix a deadlock in nlm_traverse_files()
Trond Myklebust [Thu, 10 Aug 2006 15:58:57 +0000 (11:58 -0400)]
LOCKD: Fix a deadlock in nlm_traverse_files()

nlm_traverse_files() is not allowed to hold the nlm_file_mutex while calling
nlm_inspect file, since it may end up calling nlm_release_file() when
releaseing the blocks.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from e558d3cde986e04f68afe8c790ad68ef4b94587a commit)

18 years agoSUNRPC: Fix dentry refcounting issues with users of rpc_pipefs
Trond Myklebust [Mon, 14 Aug 2006 17:11:15 +0000 (13:11 -0400)]
SUNRPC: Fix dentry refcounting issues with users of rpc_pipefs

rpc_unlink() and rpc_rmdir() will dput the dentry reference for you.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from a05a57effa71a1f67ccbfc52335c10c8b85f3f6a commit)

18 years agoSUNRPC: rpc_unlink() must check for unhashed dentries
Trond Myklebust [Thu, 10 Aug 2006 21:51:46 +0000 (17:51 -0400)]
SUNRPC: rpc_unlink() must check for unhashed dentries

A prior call to rpc_depopulate() by rpc_rmdir() on the parent directory may
have already called simple_unlink() on this entry.
Add the same check to rpc_rmdir(). Also remove a redundant call to
rpc_close_pipes() in rpc_rmdir.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 0bbfb9d20f6437c4031aa3bf9b4d311a053e58e3 commit)

18 years agoNFS: clean up rpc_rmdir
Trond Myklebust [Mon, 31 Jul 2006 21:17:18 +0000 (14:17 -0700)]
NFS: clean up rpc_rmdir

Make it take a dentry argument instead of a path

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 648d4116eb2509f010f7f34704a650150309b3e7 commit)

18 years agoSUNRPC: make rpc_unlink() take a dentry argument instead of a path
Trond Myklebust [Mon, 31 Jul 2006 21:11:48 +0000 (14:11 -0700)]
SUNRPC: make rpc_unlink() take a dentry argument instead of a path

Signe-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 88bf6d811b01a4be7fd507d18bf5f1c527989089 commit)

18 years agoVFS: add lookup hint for network file systems
ASANO Masahiro [Wed, 23 Aug 2006 00:06:02 +0000 (20:06 -0400)]
VFS: add lookup hint for network file systems

I'm trying to speeding up mkdir(2) for network file systems.  A typical
mkdir(2) calls two inode_operations: lookup and mkdir.  The lookup
operation would fail with ENOENT in common case.  I think it is unnecessary
because the subsequent mkdir operation can check it.  In case of creat(2),
lookup operation is called with the LOOKUP_CREATE flag, so individual
filesystem can omit real lookup.  e.g.  nfs_lookup().

Here is a sample patch which uses LOOKUP_CREATE and O_EXCL on mkdir,
symlink and mknod.  This uses the gadget for creat(2).

And here is the result of a benchmark on NFSv3.
  mkdir(2) 10,000 times:
    original  50.5 sec
    patched   29.0 sec

Signed-off-by: ASANO Masahiro <masano@tnes.nec.co.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from fab7bf44449b29f9d5572a5dd8adcf7c91d5bf0f commit)

18 years agoNFS: Fix a potential deadlock in nfs_release_page
Nikita Danilov [Wed, 9 Aug 2006 17:53:47 +0000 (13:53 -0400)]
NFS: Fix a potential deadlock in nfs_release_page

nfs_wb_page() waits on request completion and, as a result, is not safe to be
called from nfs_release_page() invoked by VM scanner as part of GFP_NOFS
allocation. Fix possible deadlock by analyzing gfp mask and refusing to
release page if __GFP_FS is not set.

Signed-off-by: Nikita Danilov <danilov@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 374d969debfb290bafcb41d28918dc6f7e43ce31 commit)

18 years agoMerge gregkh@master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Greg Kroah-Hartman [Fri, 18 Aug 2006 18:02:52 +0000 (11:02 -0700)]
Merge gregkh@/linux/kernel/git/davem/net-2.6

18 years agoMerge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
Greg Kroah-Hartman [Fri, 18 Aug 2006 16:20:04 +0000 (09:20 -0700)]
Merge branch 'merge' of git://git./linux/kernel/git/paulus/powerpc

18 years ago[BRIDGE]: Disable SG/GSO if TX checksum is off
Herbert Xu [Fri, 18 Aug 2006 01:22:32 +0000 (18:22 -0700)]
[BRIDGE]: Disable SG/GSO if TX checksum is off

When the bridge recomputes features, it does not maintain the
constraint that SG/GSO must be off if TX checksum is off.
This patch adds that constraint.

On a completely unrelated note, I've also added TSO6 and TSO_ECN
feature bits if GSO is enabled on the underlying device through
the new NETIF_F_GSO_SOFTWARE macro.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ip_tables: fix table locking in ipt_do_table
Patrick McHardy [Fri, 18 Aug 2006 01:13:53 +0000 (18:13 -0700)]
[NETFILTER]: ip_tables: fix table locking in ipt_do_table

table->private might change because of ruleset changes, don't use it without
holding the lock.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ctnetlink: fix deadlock in table dumping
Patrick McHardy [Fri, 18 Aug 2006 01:12:38 +0000 (18:12 -0700)]
[NETFILTER]: ctnetlink: fix deadlock in table dumping

ip_conntrack_put must not be called while holding ip_conntrack_lock
since destroy_conntrack takes it again.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[POWERPC] Fix the mpc8641_hpcn.dts file.
Jon Loeliger [Thu, 17 Aug 2006 17:24:42 +0000 (12:24 -0500)]
[POWERPC] Fix the mpc8641_hpcn.dts file.

Add 'linux,phandle' entry to i8259@4d0 node.

Signed-off-by: Zhang Wei <wei.zhang@freescale.com>
Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Offer PCI as a CONFIG choice for PPC_86xx.
Jon Loeliger [Wed, 9 Aug 2006 15:37:28 +0000 (10:37 -0500)]
[POWERPC] Offer PCI as a CONFIG choice for PPC_86xx.

Also fix 80-column run-over.

Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Add MPC8641 HPCN Device Tree Source file.
Jon Loeliger [Thu, 3 Aug 2006 21:27:57 +0000 (16:27 -0500)]
[POWERPC] Add MPC8641 HPCN Device Tree Source file.

As per list discussion, let's add device tree source files
under powerpc/boot/dts.  If nothing else, it is a starting point.

Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Convert to mac-address for ethernet MAC address data.
Jon Loeliger [Thu, 17 Aug 2006 13:42:35 +0000 (08:42 -0500)]
[POWERPC] Convert to mac-address for ethernet MAC address data.

Also accept "local-mac-address".  However the old "address"
is now obsolete, but accepted for backwards compatibility.
It should be removed after all device trees have been
converted to use "mac-address".

Signed-off-by: Jon Loeliger <jdl@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[IPV4]: severe locking bug in fib_semantics.c
Alexey Kuznetsov [Thu, 17 Aug 2006 23:44:46 +0000 (16:44 -0700)]
[IPV4]: severe locking bug in fib_semantics.c

Found in 2.4 by Yixin Pan <yxpan@hotmail.com>.

> When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) =
> is used in fib_release_info() instead of write_lock_bh(&fib_info_lock).  =
> Is the following case possible: a BH interrupts fib_release_info() while =
> holding the write lock, and calls ip_check_fib_default() which calls =
> read_lock(&fib_info_lock), and spin forever.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MCAST]: Fix filter leak on device removal.
David L Stevens [Thu, 17 Aug 2006 23:27:39 +0000 (16:27 -0700)]
[MCAST]: Fix filter leak on device removal.

This fixes source filter leakage when a device is removed and a
process leaves the group thereafter.

This also includes corresponding fixes for IPv6 multicast source
filters on device removal.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Disallow whitespace in network device names.
David S. Miller [Tue, 15 Aug 2006 23:34:13 +0000 (16:34 -0700)]
[NET]: Disallow whitespace in network device names.

It causes way too much trouble and confusion in userspace.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PPP]: handle kmalloc failures and convert to using kzalloc
Panagiotis Issaris [Tue, 15 Aug 2006 23:01:07 +0000 (16:01 -0700)]
[PPP]: handle kmalloc failures and convert to using kzalloc

The PPP code contains two kmalloc()s followed by memset()s without
handling a possible memory allocation failure.  (Suggested by Joe
Perches).

And furthermore, conversions from kmalloc+memset to kzalloc.

[akpm@osdl.org: fix error-path leak]
[akpm@osdl.org: cleanups]
[paulus@samba.org: don't add useless printk and cardmap_destroy calls]

Signed-off-by: Panagiotis Issaris <takis@issaris.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PKT_SCHED] cls_u32: Fix typo.
Ralf Hildebrandt [Tue, 15 Aug 2006 09:12:43 +0000 (02:12 -0700)]
[PKT_SCHED] cls_u32: Fix typo.

Signed-off-by: Ralf Hildebrandt <Ralf.Hildebrandt@charite.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[ATM]: Compile error on ARM
Kevin Hilman [Tue, 15 Aug 2006 09:02:33 +0000 (02:02 -0700)]
[ATM]: Compile error on ARM

atm_proc_exit() is declared as __exit, and thus in .exit.text.  On
some architectures (ARM) .exit.text is discarded at compile time, and
since atm_proc_exit() is called by some other __init functions, it
results in a link error.

Signed-off-by: Kevin Hilman <khilman@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BNX2]: Convert to netdev_alloc_skb()
Michael Chan [Tue, 15 Aug 2006 08:39:36 +0000 (01:39 -0700)]
[BNX2]: Convert to netdev_alloc_skb()

Convert dev_alloc_skb() to netdev_alloc_skb() and increase default
rx ring size to 255. The old ring size of 100 was too small.

Update version to 1.4.44.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BNX2]: Fix tx race condition.
Michael Chan [Tue, 15 Aug 2006 08:39:10 +0000 (01:39 -0700)]
[BNX2]: Fix tx race condition.

Fix a subtle race condition between bnx2_start_xmit() and bnx2_tx_int()
similar to the one in tg3 discovered by Herbert Xu:

CPU0 CPU1
bnx2_start_xmit()
if (tx_ring_full) {
tx_lock
bnx2_tx()
if (!netif_queue_stopped)
netif_stop_queue()
if (!tx_ring_full)
update_tx_ring
netif_wake_queue()
tx_unlock
}

Even though tx_ring is updated before the if statement in bnx2_tx_int() in
program order, it can be re-ordered by the CPU as shown above.  This
scenario can cause the tx queue to be stopped forever if bnx2_tx_int() has
just freed up the entire tx_ring.  The possibility of this happening
should be very rare though.

The following changes are made, very much identical to the tg3 fix:

1. Add memory barrier to fix the above race condition.

2. Eliminate the private tx_lock altogether and rely solely on
netif_tx_lock.  This eliminates one spinlock in bnx2_start_xmit()
when the ring is full.

3. Because of 2, use netif_tx_lock in bnx2_tx_int() before calling
netif_wake_queue().

4. Add memory barrier to bnx2_tx_avail().

5. Add bp->tx_wake_thresh which is set to half the tx ring size.

6. Check for the full wake queue condition before getting
netif_tx_lock in tg3_tx().  This reduces the number of unnecessary
spinlocks when the tx ring is full in a steady-state condition.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Terminology in ip-sysctl.txt
Jan "Yenya" Kasprzak [Tue, 15 Aug 2006 08:33:50 +0000 (01:33 -0700)]
[NET]: Terminology in ip-sysctl.txt

this minor patch fixes the description of net.ipv4.tcp_mem sysctl
in ip-sysctl.txt - the headline names the values "min, pressure, max",
while the description uses the "low, pressure, high" values.
Both tcp_rmem and tcp_wmem descriptions use the "min, pressure, max"
values, so I have changed the tcp_mem to match this and not vice versa.

Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: Possible leak of multicast source filter sctructure
Michal Ruzicka [Tue, 15 Aug 2006 07:20:17 +0000 (00:20 -0700)]
[IPV4]: Possible leak of multicast source filter sctructure

There is a leak of a socket's multicast source filter list structure
on closing a socket with a multicast source filter set on an interface
that does not exist any more.

Signed-off-by: Michal Ruzicka <michal.ruzicka@comstar.cz>
Acked-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] lockdep: annotate __icmpv6_socket
Ingo Molnar [Tue, 15 Aug 2006 07:06:56 +0000 (00:06 -0700)]
[IPV6] lockdep: annotate __icmpv6_socket

Split off __icmpv6_socket's sk->sk_dst_lock class, because it gets
used from softirqs, which is safe for __icmpv6_sockets (because they
never get directly used via userspace syscalls), but unsafe for normal
sockets.

Has no effect on non-lockdep kernels.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_physdev build fix
Andrew Morton [Tue, 15 Aug 2006 07:04:56 +0000 (00:04 -0700)]
[NETFILTER]: xt_physdev build fix

It needs netfilter_bridge.h for brnf_deferred_hooks

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Fix potential stack overflow in net/core/utils.c
Suresh Siddha [Tue, 15 Aug 2006 07:03:01 +0000 (00:03 -0700)]
[NET]: Fix potential stack overflow in net/core/utils.c

On High end systems (1024 or so cpus) this can potentially cause stack
overflow.  Fix the stack usage.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[VLAN]: Make sure bonding packet drop checks get done in hwaccel RX path.
David S. Miller [Tue, 15 Aug 2006 00:08:36 +0000 (17:08 -0700)]
[VLAN]: Make sure bonding packet drop checks get done in hwaccel RX path.

Since __vlan_hwaccel_rx() is essentially bypassing the
netif_receive_skb() call that would have occurred if we did the VLAN
decapsulation in software, we are missing the skb_bond() call and the
assosciated checks it does.

Export those checks via an inline function, skb_bond_should_drop(),
and use this in __vlan_hwaccel_rx().

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[POWERPC] powerpc: Clear HID0 attention enable on PPC970 at boot time
Olof Johansson [Mon, 7 Aug 2006 01:51:25 +0000 (20:51 -0500)]
[POWERPC] powerpc: Clear HID0 attention enable on PPC970 at boot time

Clear HID0[en_attn] at CPU init time on PPC970.  Closes CVE-2006-4093.

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Fix irq radix tree remapping typo
Benjamin Herrenschmidt [Thu, 17 Aug 2006 01:59:27 +0000 (03:59 +0200)]
[POWERPC] Fix irq radix tree remapping typo

The code for using the radix tree for reverse mapping of interrupts has
a typo that causes it to create incorrect mappings if the software and
hardware numbers happen to be different. This would, among others, cause
the IDE interrupt to fail on js20's. This fixes it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] kprobes: Fix possible system crash during out-of-line single-stepping
Ananth N Mavinakayanahalli [Fri, 11 Aug 2006 11:31:34 +0000 (17:01 +0530)]
[POWERPC] kprobes: Fix possible system crash during out-of-line single-stepping

- On archs that have no-exec support, we vmalloc() a executable scratch
area of PAGE_SIZE and divide it up into an array of slots of maximum
instruction size for that arch
- On a kprobe registration, the original instruction is copied to the
first available free slot, so if multiple kprobes are registered, chances
are, they get contiguous slots
- On POWER4, due to not having coherent icaches, we could hit a situation
where a probe that is registered on one processor, is hit immediately on
another. This second processor could have fetched the stream of text from
the out-of-line single-stepping area *before* the probe registration
completed, possibly due to an earlier (and a different) kprobe hit and
hence would see stale data at the slot.

Executing such an arbitrary instruction lead to a problem as reported
in LTC bugzilla 23555.

The correct solution is to call flush_icache_range() as soon as the
instruction is copied for out-of-line single-stepping, so the correct
instruction is seen on all processors.

Thanks to Will Schmidt who tracked this down.

Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Acked-by: Will Schmidt <will_schmidt@vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Make crash.c work on 32-bit and 64-bit
Michael Ellerman [Wed, 5 Jul 2006 04:39:43 +0000 (14:39 +1000)]
[POWERPC] Make crash.c work on 32-bit and 64-bit

To compile kexec on 32-bit we need a few more bits and pieces. Rather
than add empty definitions, we can make crash.c work on 32-bit, with
only a couple of kludges.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Move some kexec logic into machine_kexec.c
Michael Ellerman [Wed, 5 Jul 2006 04:39:42 +0000 (14:39 +1000)]
[POWERPC] Move some kexec logic into machine_kexec.c

We're missing a few functions for kexec to compile on 32-bit. There's
nothing really 64-bit specific about the 64-bit versions, so make them
generic rather than adding empty definitions for 32-bit.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] update {g5,iseries,pseries}_defconfigs
Will Schmidt [Tue, 8 Aug 2006 14:40:00 +0000 (09:40 -0500)]
[POWERPC] update {g5,iseries,pseries}_defconfigs

Updating the defconfigs for iseries, pseries, and G5.   Sticking with
the defaults, with the following exceptions:  I've turned off HW_RANDOM
for all three configs.   For G5, I've enabled SND_AOA and friends as
modules; this includes the FABRIC_LAYOUT, ONYX, TAS, TOONIE and
SOUNDBUS* config options.

Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Make secondary CPUs call into kdump on reset exception
David Wilder [Thu, 29 Jun 2006 22:17:30 +0000 (15:17 -0700)]
[POWERPC] Make secondary CPUs call into kdump on reset exception

In the case of a system hang, the user will invoke soft-reset to
initiate the kdump boot.  If xmon is enabled, the CPU(s) enter into the
xmon debugger.   Unfortunately, the secondary CPU(s) will return to the
hung state when they exit from the debugger (returned from die() ->
system_reset_exception()).  This causes a problem in kdump since the
hung CPU(s) will not respond to the IPI sent from kdump.  This patch
fixes the issue by calling crash_kexec_secondary() directly from
system_reset_exception() without returning to the previous state.  These
secondary CPUs wait 5ms until the kdump boot is started by the primary
CPU.   In the case we exited from the debugger to "recover" (command 'x'
in xmon) the primary and the secondary CPUs will all return from die()
-> system_reset_exception() ->crash_kexec_secondary() wait 5ms, then
return to the previous state.  A kdump boot is not started in this case.

Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-2.6.18
Greg Kroah-Hartman [Wed, 16 Aug 2006 19:41:16 +0000 (12:41 -0700)]
Merge git://git./linux/kernel/git/sam/kbuild-2.6.18

18 years agokbuild: correct assingment to CFLAGS with CROSS_COMPILE
Sam Ravnborg [Wed, 16 Aug 2006 19:14:08 +0000 (21:14 +0200)]
kbuild: correct assingment to CFLAGS with CROSS_COMPILE

Some architectures change $CC in arch/$(ARCH)/Makefile
mips is one example.

That have impact on what options are supported by gcc so move all
$(call cc-option, ...) after include of arch specific Makefile.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
18 years agoMerge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
Greg Kroah-Hartman [Wed, 16 Aug 2006 15:51:04 +0000 (08:51 -0700)]
Merge branch 'for-linus' of git://git390.osdl.marist.edu/linux-2.6

18 years ago[S390] kernel page table allocation.
Heiko Carstens [Wed, 16 Aug 2006 11:49:37 +0000 (13:49 +0200)]
[S390] kernel page table allocation.

Don't waste DMA capable pages for identity mapping page tables.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
18 years ago[S390] inaccessible PAV alias devices on LPAR.
Peter Oberparleiter [Wed, 16 Aug 2006 11:49:33 +0000 (13:49 +0200)]
[S390] inaccessible PAV alias devices on LPAR.

In some situations PAV alias devices on LPAR are not accessible.
The initialization procedure required to enable access to PAV alias
devices has to be performed per storage server subsystem and not
only once per storage server.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
18 years ago[S390] dasd slab cache alignment.
Heiko Carstens [Wed, 16 Aug 2006 11:49:27 +0000 (13:49 +0200)]
[S390] dasd slab cache alignment.

The dasd_page_cache should return page addresses and therefore the
cache must be created with an alignment of PAGE_SIZE.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
18 years agoMerge gregkh@master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog
Greg Kroah-Hartman [Wed, 16 Aug 2006 08:38:39 +0000 (01:38 -0700)]
Merge gregkh@/linux/kernel/git/wim/linux-2.6-watchdog

18 years ago[PATCH] PATCH: 1 line 2.6.18 bugfix: modpost-64bit-fix.patch
Hans de Goede [Tue, 15 Aug 2006 10:09:27 +0000 (12:09 +0200)]
[PATCH] PATCH: 1 line 2.6.18 bugfix: modpost-64bit-fix.patch

There is a small but annoying bug in scripts/mod/file2alias.c which causes
it to generate invalid aliases for input devices on 64 bit archs. This causes
joydev.ko to not be automaticly loaded when inserting a joystick, resulting in
a non working joystick (for the average user).

In scripts/mod/file2alias.c is the following code for generating the input
aliases:
static void do_input(char *alias,
                     kernel_ulong_t *arr, unsigned int min, unsigned int max)
{
        unsigned int i;

        for (i = min; i < max; i++)
                if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG)))
                        sprintf(alias + strlen(alias), "%X,*", i);
}

On 32 bits systems, this correctly generates "0,*" for the first alias, "8,*"
for the second etc.

However on 64 bits it generates: "0,*20,*" resp "8,*28,*" Notice how it adds 20
+ first entry (hex) ! to the list of hex codes, which is 32 more then the first
entry, thus is because the bit test above wraps at 32 bits instead of 64.

scripts/mod/file2alias.c, line 379 reads:
                if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG)))
That should be:
                if (arr[i / BITS_PER_LONG] & (1L << (i%BITS_PER_LONG)))

Notice the added 'L' after the 1, otherwise that is an 32 bit int instead of a
64 bit long, and when that int gets shifted >= 32 times, appearantly the number
by which to shift is wrapped at 5 bits ( % 32) causing it to test a bit 32 bits
too low.

The patch below makes the nescesarry 1 char change :)

Signed-off-by: Hans de Goede <j.w.r.degoede@hhs.nl>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfashe...
Greg Kroah-Hartman [Tue, 15 Aug 2006 19:31:36 +0000 (12:31 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/mfasheh/ocfs2

18 years ago[WATCHDOG] Kconfig typos fix.
Matt LaPlante [Wed, 5 Jul 2006 01:20:51 +0000 (01:20 +0000)]
[WATCHDOG] Kconfig typos fix.

Three typos in drivers/char/watchdog/Kconfig...

Signed-off-by: Matt LaPlante <kernel1@cyberdogtech.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
18 years ago[PATCH] fcntl(F_SETSIG) fix
Trond Myklebust [Mon, 14 Aug 2006 15:54:48 +0000 (08:54 -0700)]
[PATCH] fcntl(F_SETSIG) fix

fcntl(F_SETSIG) no longer works on leases because
lease_release_private_callback() gets called as the lease is copied in
order to initialise it.

The problem is that lease_alloc() performs an unnecessary initialisation,
which sets the lease_manager_ops.  Avoid the problem by allocating the
target lease structure using locks_alloc_lock().

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] fuse: fix error case in fuse_readpages
Alexander Zarochentsev [Mon, 14 Aug 2006 06:24:27 +0000 (23:24 -0700)]
[PATCH] fuse: fix error case in fuse_readpages

Don't let fuse_readpages leave the @pages list not empty when exiting
on error.

[akpm@osdl.org: kernel-doc fixes]
Signed-off-by: Alexander Zarochentsev <zam@namesys.com>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] workqueue: remove lock_cpu_hotplug()
Andrew Morton [Mon, 14 Aug 2006 06:24:26 +0000 (23:24 -0700)]
[PATCH] workqueue: remove lock_cpu_hotplug()

Use a private lock instead.  It protects all per-cpu data structures in
workqueue.c, including the workqueues list.

Fix a bug in schedule_on_each_cpu(): it was forgetting to lock down the
per-cpu resources.

Unfixed long-standing bug: if someone unplugs the CPU identified by
`singlethread_cpu' the kernel will get very sick.

Cc: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] fbdev: include backlight.h only when __KERNEL__ is defined
Michal Januszewski [Mon, 14 Aug 2006 06:24:26 +0000 (23:24 -0700)]
[PATCH] fbdev: include backlight.h only when __KERNEL__ is defined

linux/backlight.h pulls in header files (eg.  ioport.h) that break
compilation of userspace programs.  To solve the problem, only include
backlight.h in fb.h if compiling kernel stuff.

Signed-off-by: Michal Januszewski <spock@gentoo.org>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] futex_handle_fault always fails
john stultz [Mon, 14 Aug 2006 06:24:24 +0000 (23:24 -0700)]
[PATCH] futex_handle_fault always fails

We found this issue last week w/ the -RT kernel, but it seems the same
issue is in mainline as well.

Basically it is possible for futex_unlock_pi to return without actually
freeing the lock.  This is due to buggy logic in the use of
futex_handle_fault() and its attempt argument in a failure case.

Looking at futex.c the logic is as follows:

1) In futex_unlock_pi() we start w/ ret=0 and we go down to the first
   futex_atomic_cmpxchg_inatomic(), where we find uval==-EFAULT.  We then
   jump to the pi_faulted label.

2) From pi_faulted: We increment attempt, unlock the sem and hit the
   retry label.

3) From the retry label, with ret still zero, we again hit EFAULT on the
   first futex_atomic_cmpxchg_inatomic(), and again goto the pi_faulted
   label.

4) Again from pi_faulted: we increment attempt and enter the
   conditional, where we call futex_handle_fault.

5) futex_handle_fault fails, and we goto the out_unlock_release_sem
   label.

6) From out_unlock_release_sem we return, and since ret is still zero,
   we return without error, while never actually unlocking the lock.

Issue #1: at the first futex_atomic_cmpxchg_inatomic() we should probably
be setting ret=-EFAULT before jumping to pi_faulted: However in our case
this doesn't really affect anything, as the glibc we're using ignores the
error value from futex_unlock_pi().

Issue #2: Look at futex_handle_fault(), its first conditional will return
-EFAULT if attempt is >= 2.  However, from the "if(attempt++)
futex_handle_fault(attempt)" logic above, we'll *never* call
futex_handle_fault when attempt is less then two.  So we never get a chance
to even try to fault the page in.

The following patch addresses these two issues by 1) Always setting ret to
-EFAULT if futex_handle_fault fails, and 2) Removing the = in
futex_handle_fault's (attempt >= 2) check.

I'm really not sure this is the right fix, but wanted to bring it up so
folks knew the issue is alive and well in the current -git tree.  From
looking at the git logs the logic was first introduced (then later copied
to other places) in the following commit almost a year ago:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4732efbeb997189d9f9b04708dc26bf8613ed721;hp=5b039e681b8c5f30aac9cc04385cc94be45d0823

Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] sys_getppid oopses on debug kernel
Kirill Korotaev [Mon, 14 Aug 2006 06:24:23 +0000 (23:24 -0700)]
[PATCH] sys_getppid oopses on debug kernel

sys_getppid() optimization can access a freed memory.  On kernels with
DEBUG_SLAB turned ON, this results in Oops.  As Dave Hansen noted, this
optimization is also unsafe for memory hotplug.

So this patch always takes the lock to be safe.

[oleg@tv-sign.ru: simplifications]
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Cc: <stable@kernel.org>
Cc: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] Change panic_on_oops message to "Fatal exception"
Horms [Mon, 14 Aug 2006 06:24:22 +0000 (23:24 -0700)]
[PATCH] Change panic_on_oops message to "Fatal exception"

Previously the message was "Fatal exception: panic_on_oops", as introduced
in a recent patch whith removed a somewhat dangerous call to ssleep() in
the panic_on_oops path.  However, Paul Mackerras suggested that this was
somewhat confusing, leadind people to believe that it was panic_on_oops
that was the root cause of the fatal exception.  On his suggestion, this
patch changes the message to simply "Fatal exception".  A suitable oops
message should already have been displayed.

Signed-off-by: Simon Horman <horms@verge.net.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] dm: BUG/OOPS fix
Michal Miroslaw [Mon, 14 Aug 2006 06:24:20 +0000 (23:24 -0700)]
[PATCH] dm: BUG/OOPS fix

Fix BUG I tripped on while testing failover and multipathing.

BUG shows up on error path in multipath_ctr() when parse_priority_group()
fails after returning at least once without error.  The fix is to
initialize m->ti early - just after alloc()ing it.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c027c3d2
*pde = 00000000
Oops: 0000 [#3]
Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy
CPU:    0
EIP:    0060:[<c027c3d2>]    Not tainted VLI
EFLAGS: 00010202   (2.6.17.3 #1)
EIP is at dm_put_device+0xf/0x3b
eax: 00000001   ebx: ee4fcac0   ecx: 00000000   edx: ee4fcac0
esi: ee4fc4e0   edi: ee4fc4e0   ebp: 00000000   esp: c5db3e78
ds: 007b   es: 007b   ss: 0068
Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90)
Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480
       f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000
       00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000
Call Trace:
 <c02816bd> free_pgpaths+0x31/0x45  <c02816f6> free_priority_group+0x25/0x2e
 <c0281801> free_multipath+0x35/0x67  <c0281ffe> multipath_ctr+0x123/0x12d
 <c027c6ee> dm_table_add_target+0x11e/0x18b  <c027e5b4> populate_table+0x8a/0xaf
 <c027e62b> table_load+0x52/0xf9  <c027ec23> ctl_ioctl+0xca/0xfc
 <c027e5d9> table_load+0x0/0xf9  <c0152146> do_ioctl+0x3e/0x43
 <c0152360> vfs_ioctl+0x16c/0x178  <c01523b4> sys_ioctl+0x48/0x60
 <c01029b3> syscall_call+0x7/0xb
Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02
EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78

Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Acked-by: Alasdair G Kergon <agk@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] panic.c build fix
Andrew Morton [Mon, 14 Aug 2006 06:24:19 +0000 (23:24 -0700)]
[PATCH] panic.c build fix

kernel/panic.c: In function 'add_taint':
kernel/panic.c:176: warning: implicit declaration of function 'debug_locks_off'

Cc: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] fix hrtimer percpu usage typo
Jan Blunck [Mon, 14 Aug 2006 06:24:19 +0000 (23:24 -0700)]
[PATCH] fix hrtimer percpu usage typo

The percpu variable is used incorrectly in switch_hrtimer_base().

Signed-off-by: Jan Blunck <jblunck@suse.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] initialize parts of udf inode earlier in create
Dan Bastone [Mon, 14 Aug 2006 06:24:18 +0000 (23:24 -0700)]
[PATCH] initialize parts of udf inode earlier in create

Eric says:

> I saw an oops down this path when trying to create a new file on a UDF
> filesystem which was internally marked as readonly, but mounted rw:
>
> udf_create
>         udf_new_inode
>                 new_inode
>                         alloc_inode
>                          udf_alloc_inode
>                 udf_new_block
>                         returns EIO due to readonlyness
>                 iput (on error)

I ran into the same issue today, but when listing a directory with
invalid/corrupt entries:

udf_lookup
        udf_iget
                get_new_inode_fast
                        alloc_inode
                                udf_alloc_inode
                __udf_read_inode
                        fails for any reason
                iput (on error)
                        ...

The following patch to udf_alloc_inode() should take care of both (and
other similar) cases, but I've only tested it with udf_lookup().

Signed-off-by: Dan Bastone <dan@pwienterprises.com>
Cc: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] adfs error message fix
Andrew Morton [Mon, 14 Aug 2006 06:24:17 +0000 (23:24 -0700)]
[PATCH] adfs error message fix

Don't use NULL as a printf control string.  Fixes bug #6889.

Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[PATCH] add imacfb documentation and detection
Edgar Hucek [Mon, 14 Aug 2006 06:24:16 +0000 (23:24 -0700)]
[PATCH] add imacfb documentation and detection

Add basic Machine detection to imacfb and some Ducumentation bits for
imacfb.

Signed-off-by: Edgar Hucek <hostmaster@ed-soft.at>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years ago[INET]: Use pskb_trim_unique when trimming paged unique skbs
Herbert Xu [Mon, 14 Aug 2006 03:12:58 +0000 (20:12 -0700)]
[INET]: Use pskb_trim_unique when trimming paged unique skbs

The IPv4/IPv6 datagram output path was using skb_trim to trim paged
packets because they know that the packet has not been cloned yet
(since the packet hasn't been given to anything else in the system).

This broke because skb_trim no longer allows paged packets to be
trimmed.  Paged packets must be given to one of the pskb_trim functions
instead.

This patch adds a new pskb_trim_unique function to cover the IPv4/IPv6
datagram output path scenario and replaces the corresponding skb_trim
calls with it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ulog: fix panic on SMP kernels
Mark Huang [Mon, 14 Aug 2006 01:57:54 +0000 (18:57 -0700)]
[NETFILTER]: ulog: fix panic on SMP kernels

Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.

Similar problem exists in ebt_ulog.c and nfnetlink_log.c.

Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: {arp,ip,ip6}_tables: proper error recovery in init path
Patrick McHardy [Mon, 14 Aug 2006 01:57:28 +0000 (18:57 -0700)]
[NETFILTER]: {arp,ip,ip6}_tables: proper error recovery in init path

Neither of {arp,ip,ip6}_tables cleans up behind itself when something goes
wrong during initialization.

Noticed by Rennie deGraaf <degraaf@cpsc.ucalgary.ca>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[LLC]: multicast receive device match
Stephen Hemminger [Mon, 14 Aug 2006 01:56:26 +0000 (18:56 -0700)]
[LLC]: multicast receive device match

Fix from Aji_Srinivas@emc.com, STP packets are incorrectly received on
all LLC datagram sockets, whichever interface they are bound to.  The
llc_sap datagram receive logic sends packets with a unicast
destination MAC to one socket bound to that SAP and MAC, and multicast
packets to all sockets bound to that SAP. STP packets are multicast,
and we do need to know on which interface they were received.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPSEC]: Validate properly in xfrm_dst_check()
David S. Miller [Mon, 14 Aug 2006 01:55:53 +0000 (18:55 -0700)]
[IPSEC]: Validate properly in xfrm_dst_check()

If dst->obsolete is -1, this is a signal from the
bundle creator that we want the XFRM dst and the
dsts that it references to be validated on every
use.

I misunderstood this intention when I changed
xfrm_dst_check() to always return NULL.

Now, when we purge a dst entry, by running dst_free()
on it.  This will set the dst->obsolete to a positive
integer, and we want to return NULL in that case so
that the socket does a relookup for the route.

Thus, if dst->obsolete<0, let stale_bundle() validate
the state, else always return NULL.

In general, we need to do things more intelligently
here because we flush too much state during rule
changes.  Herbert Xu has some ideas wherein the key
manager gives us some help in this area.  We can also
use smarter state management algorithms inside of
the kernel as well.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_hashlimit: fix limit off-by-one
Patrick McHardy [Mon, 14 Aug 2006 01:06:02 +0000 (18:06 -0700)]
[NETFILTER]: xt_hashlimit: fix limit off-by-one

Hashlimit doesn't account for the first packet, which is inconsistent
with the limit match.

Reported by ryan.castellucci@gmail.com, netfilter bugzilla #500.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_string: fix negation
Phil Oester [Mon, 14 Aug 2006 01:05:35 +0000 (18:05 -0700)]
[NETFILTER]: xt_string: fix negation

The xt_string match is broken with ! negation.
This resolves a portion of netfilter bugzilla #497.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Fix botched memory leak fix to tcpprobe_read().
David S. Miller [Mon, 14 Aug 2006 01:05:09 +0000 (18:05 -0700)]
[TCP]: Fix botched memory leak fix to tcpprobe_read().

Somehow I clobbered James's original fix and only my
subsequent compiler warning change went in for that
changeset.

Get the real fix in there.

Noticed by Jesper Juhl.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years agoUSB: usbtest.c: unsigned retval makes ctrl_out return 0 in case of error
Orjan Friberg [Wed, 9 Aug 2006 06:31:40 +0000 (23:31 -0700)]
USB: usbtest.c: unsigned retval makes ctrl_out return 0 in case of error

In my quest to try and figure out why test 14 (control write) doesn't
work with my EZ-USB board, I noticed that sometimes testusb reported
no error even though the kernel log complained "byte 0 is 0 not 2" etc.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoUSB: ftdi_sio driver - new PIDs
Jonathan Davies [Wed, 9 Aug 2006 09:48:03 +0000 (10:48 +0100)]
USB: ftdi_sio driver - new PIDs

Signed-off-by: Jonathan Davies <jjd27@cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoUSB: Additional PID for SHARP W-ZERO3
Norihiko Tomiyama [Tue, 8 Aug 2006 05:31:25 +0000 (14:31 +0900)]
USB: Additional PID for SHARP W-ZERO3

I write a patch for ipaq.c.
Would you like to add upstream tree ?

This patch enables a support of "SHARP W-ZERO3(WS004SH)" and "SHARP W-ZERO3[es](WS007SH)".

From: Norihiko Tomiyama <norihiko.tomiyama@ctc-g.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoUSB: appletouch: fix atp_disconnect
Johannes Berg [Wed, 19 Jul 2006 13:39:46 +0000 (15:39 +0200)]
USB: appletouch: fix atp_disconnect

appletouch uses urb->transfer_dma after having freed the urb, this shows
up only if the system is compiled with slab debugging. This patch fixes
it by reordering the free calls.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoUSB: removed a unbalanced #endif from ohci-au1xxx.c
Yoichi Yuasa [Thu, 3 Aug 2006 00:54:24 +0000 (09:54 +0900)]
USB: removed a unbalanced #endif from ohci-au1xxx.c

This patch has removed a unbalanced #endif from ohci-au1xxx.c .
Please apply before 2.6.18 release.

Error message was:
In file included from drivers/usb/host/ohci-hcd.c:909:
drivers/usb/host/ohci-au1xxx.c:113:2: #endif without #if

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoUSB: unusual_devs entry for A-VOX WSX-300ER MP3 player
David Kuehling [Mon, 7 Aug 2006 14:18:48 +0000 (10:18 -0400)]
USB: unusual_devs entry for A-VOX WSX-300ER MP3 player

This patch (as763) adds an unusual_devs entry for the A-VOX WSX-300ER MP3
player.

From: David Kuehling <dvdkhlng@gmx.de>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoPCI: remove dead HOTPLUG_PCI_SHPC_PHPRM_LEGACY option.
Dave Jones [Wed, 9 Aug 2006 19:25:09 +0000 (15:25 -0400)]
PCI: remove dead HOTPLUG_PCI_SHPC_PHPRM_LEGACY option.

Nothing in the tree references this config option.

Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agopciehp: make pciehp build for powerpc
Kristen Carlson Accardi [Tue, 8 Aug 2006 13:44:26 +0000 (09:44 -0400)]
pciehp: make pciehp build for powerpc

Make pciehp build on powerpc

Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agopr_debug() should not be used in drivers
Pavel Machek [Mon, 7 Aug 2006 23:37:15 +0000 (01:37 +0200)]
pr_debug() should not be used in drivers

pr_debug() should not be used from drivers, add comment saying that.

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agogenhd.c reference in Documentation/kobjects.txt
Brandon Philips [Tue, 1 Aug 2006 19:04:17 +0000 (14:04 -0500)]
genhd.c reference in Documentation/kobjects.txt

block/genhd.c no longer in drivers/.  Update Documentation/kobjects.txt

Signed-off-by: Brandon Philips <brandon@ifup.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoAdd stable branch to maintainers file
Steven Rostedt [Thu, 3 Aug 2006 16:28:11 +0000 (12:28 -0400)]
Add stable branch to maintainers file

While helping someone to submit a patch to the stable branch, I noticed
that the stable branch is not listed in the MAINTAINERS file.  This was
after I went there to look for the email addresses for the stable branch
list (stable@kernel.org).

This patch adds the stable branch to the maintainers file so that people
can find where to send patches when they have a fix for the stable team.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoMerge gregkh@master.kernel.org:/home/rmk/linux-2.6-mmc
Greg Kroah-Hartman [Thu, 10 Aug 2006 22:10:01 +0000 (15:10 -0700)]
Merge gregkh@kernel.org:/home/rmk/linux-2.6-mmc

18 years agoMerge gregkh@master.kernel.org:/home/rmk/linux-2.6-arm
Greg Kroah-Hartman [Thu, 10 Aug 2006 22:07:17 +0000 (15:07 -0700)]
Merge gregkh@kernel.org:/home/rmk/linux-2.6-arm

18 years ago[S390] dasd calls kzalloc while holding a spinlock.
Horst Hummel [Thu, 10 Aug 2006 13:45:16 +0000 (15:45 +0200)]
[S390] dasd calls kzalloc while holding a spinlock.

The dasd function dasd_set_uid calls kzalloc while holding the
dasd_devmap_lock. Rearrange the code to do the memory allocation
outside the lock.

Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
18 years agoMerge git://oss.sgi.com:8090/nathans/xfs-rc-2.6
Greg Kroah-Hartman [Thu, 10 Aug 2006 06:57:52 +0000 (23:57 -0700)]
Merge git://oss.sgi.com:8090/nathans/xfs-rc-2.6

18 years ago[XFS] Fix xfs_free_extent related NULL pointer dereference.
Nathan Scott [Thu, 10 Aug 2006 04:40:41 +0000 (14:40 +1000)]
[XFS] Fix xfs_free_extent related NULL pointer dereference.

We recently fixed an out-of-space deadlock in XFS, and part of that fix
involved the addition of the XFS_ALLOC_FLAG_FREEING flag to some of the
space allocator calls to indicate they're freeing space, not allocating
it. There was a missed xfs_alloc_fix_freelist condition test that did not
correctly test "flags". The same test would also test an uninitialised
structure field (args->userdata) and depending on its value either would
or would not return early with a critical buffer pointer set to NULL.

This fixes that up, adds asserts to several places to catch future botches
of this nature, and skips sections of xfs_alloc_fix_freelist that are
irrelevent for the space-freeing case.

SGI-PV: 955303
SGI-Modid: xfs-linux-melb:xfs-kern:26743a

Signed-off-by: Nathan Scott <nathans@sgi.com>
18 years ago[IPX]: Fix typo, ipxhdr() --> ipx_hdr()
David S. Miller [Thu, 10 Aug 2006 00:36:15 +0000 (17:36 -0700)]
[IPX]: Fix typo, ipxhdr() --> ipx_hdr()

Noticed by Dave Jones.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: The ifa lock is a BH lock
Herbert Xu [Wed, 9 Aug 2006 23:52:04 +0000 (16:52 -0700)]
[IPV6]: The ifa lock is a BH lock

The ifa lock is expected to be taken in BH context (by addrconf timers)
so we must disable BH when accessing it from user context.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PATCH] PATCH: 2.6.18 oops on boot fix for IDE
Alan Cox [Wed, 9 Aug 2006 14:04:58 +0000 (15:04 +0100)]
[PATCH] PATCH: 2.6.18 oops on boot fix for IDE

When the IDE fix for Jmicron went in one piece went walking somewhere
(send log shows my end somehow). Without this sometimes you get an oops
on boot.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
18 years agoMerge gregkh@master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Greg Kroah-Hartman [Wed, 9 Aug 2006 18:49:13 +0000 (11:49 -0700)]
Merge gregkh@/linux/kernel/git/davem/net-2.6

18 years agoMerge branch 'upstream-greg' of gregkh@master.kernel.org:/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Wed, 9 Aug 2006 18:46:30 +0000 (11:46 -0700)]
Merge branch 'upstream-greg' of gregkh@/linux/kernel/git/jgarzik/netdev-2.6

18 years agoMerge branch 'upstream-greg' of gregkh@master.kernel.org:/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Wed, 9 Aug 2006 18:45:59 +0000 (11:45 -0700)]
Merge branch 'upstream-greg' of gregkh@/linux/kernel/git/jgarzik/libata-dev

18 years ago[NET]: add_timer -> mod_timer() in dst_run_gc()
Dmitry Mishin [Wed, 9 Aug 2006 09:25:54 +0000 (02:25 -0700)]
[NET]: add_timer -> mod_timer() in dst_run_gc()

Patch from Dmitry Mishin <dim@openvz.org>:

Replace add_timer() by mod_timer() in dst_run_gc
in order to avoid BUG message.

       CPU1                            CPU2
dst_run_gc()  entered           dst_run_gc() entered
spin_lock(&dst_lock)                   .....
del_timer(&dst_gc_timer)         fail to get lock
       ....                         mod_timer() <--- puts
                                                 timer back
                                                 to the list
add_timer(&dst_gc_timer) <--- BUG because timer is in list already.

Found during OpenVZ internal testing.

At first we thought that it is OpenVZ specific as we
added dst_run_gc(0) call in dst_dev_event(),
but as Alexey pointed to me it is possible to trigger
this condition in mainstream kernel.

F.e. timer has fired on CPU2, but the handler was preeempted
by an irq before dst_lock is tried.
Meanwhile, someone on CPU1 adds an entry to gc list and
starts the timer.
If CPU2 was preempted long enough, this timer can expire
simultaneously with resuming timer handler on CPU1, arriving
exactly to the situation described.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[S390] dasd set offline kernel bug.
Horst Hummel [Wed, 9 Aug 2006 08:30:22 +0000 (10:30 +0200)]
[S390] dasd set offline kernel bug.

The request queue flush function of the dasd driver has to dequeue
the requests first and then call the end request function. Otherwise
a kernel bug in ll_rw_block.c might get triggered.

Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>